Switch internals

VLANs: Default NSNA port VLAN access, additional VLANs
Filter per VLAN
DHCP Relay Agent

restricted
drop all except: DHCP, DNS, ARP, SMB, HTTP/HTTPS destined to SNAS

Department: development
drop all except: DHCP, DNS, ARP, SMB, HTTP/HTTPS destined to SNAS
Floor Switch L2

Remediation
drop all except: DHCP, DNS, ARP, ICMP, HTTP/HTTPS destined to SNAS, all traffic to Yellow-1 Subnet

NSNA default Filter

Guest
drop all except: DHCP, DNS, ARP, ICMP, HTTP/HTTPS destined to SNAS, all traffic to internet

Department: engineering
drop all except: DHCP, DNS, ARP, SMB, HTTP/HTTPS destined to SNAS

Core Switch L3
DHCP Relay
Filter: restrict each VLAN down to the minimum of communication
Port assignment: either static or 802.1x or NSNA

Printer
drop all except: DHCP, DNS, ARP, ICMP, LPR, IPP, TCP/515 & 9100, all from source Print Server

VoIP
drop all except: DHCP, DNS, ARP, ICMP, UNISTIM UDP port, RTP UDP ports
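
The restricted and Remediation filters above, modelled as a default-deny allow list (an added example, not part of the original slides). The SNAS VIP and Yellow-1 subnet addresses are constructed, the port numbers are the standard ones for the named services, and a real switch filter matches on more fields than this sketch does.

```python
import ipaddress

# Constructed addresses: the slides name SNAS and Yellow-1 but give no values.
SNAS_VIP = ipaddress.ip_address("10.0.0.10")
YELLOW_1 = ipaddress.ip_network("10.20.1.0/24")

# Standard ports for the services the slides list.
SERVICES = {
    "DHCP": {("udp", 67), ("udp", 68)},
    "DNS": {("udp", 53), ("tcp", 53)},
    "SMB": {("tcp", 139), ("tcp", 445)},
}
WEB = {("tcp", 80), ("tcp", 443)}  # HTTP/HTTPS, permitted only towards SNAS

# Allow lists for two of the VLANs, as written on the slides.
POLICY = {
    "restricted": {"services": ("DHCP", "DNS", "SMB"), "protos": {"arp"}, "nets": ()},
    "remediation": {"services": ("DHCP", "DNS"), "protos": {"arp", "icmp"},
                    "nets": (YELLOW_1,)},
}

def decide(vlan, proto, dst_ip=None, dst_port=None):
    """Return 'permit' or 'drop'; anything not explicitly allowed is dropped."""
    rule = POLICY.get(vlan)
    if rule is None:
        return "drop"                      # unknown VLAN: fail closed
    if proto in rule["protos"]:
        return "permit"                    # ARP / ICMP allowed as a whole
    dst = ipaddress.ip_address(dst_ip) if dst_ip else None
    if dst is not None and any(dst in net for net in rule["nets"]):
        return "permit"                    # "all traffic to Yellow-1 Subnet"
    flow = (proto, dst_port)
    if any(flow in SERVICES[name] for name in rule["services"]):
        return "permit"
    if flow in WEB and dst == SNAS_VIP:
        return "permit"                    # captive portal only
    return "drop"

# Constructed sample flows: (vlan, proto, dst_ip, dst_port)
SAMPLES = [
    ("restricted", "tcp", "10.0.0.10", 443),
    ("restricted", "tcp", "192.0.2.80", 443),
    ("remediation", "tcp", "10.20.1.5", 8530),
    ("remediation", "tcp", "10.30.0.5", 445),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", decide(*s))
```
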
Enter the network

connect PC
request IP
start Internet Explorer and open a web page (www.google.com)
PC DNS query goes to the SNAS VIP and gets the VIP back
Login through the captive portal
validate user
Tunnel Guard check

DHCP provides IP = red VLAN IP, DNS = SNAS VIP
www.google.com = SNAS VIP
Diagram labels: Floor Switch L2, Core Switch L3, SNAS, DNS, DHCP, LDAP, Radius
Integrity check fails

corporate policy compliant => NO
inform Access Controller
reconfigure switch
issue new IP (triggered through TG)
TG inform third party application

Diagram labels: Floor Switch L2, Core Switch L3, SNAS, Remediation, DNS, DHCP
Integrity check fails => pass

corporate policy compliant => OK
inform Access Controller
reconfigure switch
issue new IP (triggered through TG)
ready to work

Diagram labels: Floor Switch L2, Server Farm, Core Switch L3, SNAS, DNS, DHCP
Integrity check pass

corporate policy compliant => OK
inform Access Controller
reconfigure switch
issue new IP (triggered through TG)
ready to work

Diagram labels: Floor Switch L2, Server Farm, Core Switch L3, SNAS, DNS, DHCP
Voice over IP (i200x)

connect IP phone
request IP
DHCP-SV provides the VLAN ID
inform Access Controller
request IP again with VLAN ID tag
ready to work

DHCP offer with VLAN tag ID with IP from white IP range
DHCP provides the call SV parameter
Diagram labels: Floor Switch L2, central voice services, Core Switch L3, SNAS, DNS, DHCP